Via Slashdot, I found out that Debian 5.0 is out of the oven. They worked hard on it, and I’m downloading it as we speak; the features seem to be many, and if I know Debian, they tested everything thoroughly and extensively.

The Debian Project is pleased to announce the official release of Debian GNU/Linux version 5.0 (codenamed Lenny) after 22 months of constant development. With 12 supported computer architectures, more than 23,000 packages built from over 12,000 source packages and 63 languages for the new graphical installer, this release sets new records, once again. Software available in 5.0 includes Linux 2.6.26, KDE 3.5.10, Gnome 2.22.2, X.Org 7.3, OpenOffice.org 2.4.1, GIMP 2.4.7, Iceweasel 3.0.6, Apache 2.2.9, Xen 3.2.1 and GCC 4.3.2. Other notable features are X autoconfiguring itself, full read-write support for NTFS, Java programs in the main repository and a single Blu-Ray disc installation media. You can get the ISOs via bittorrent. The Debian Project also wishes to announce that this release is dedicated to Thiemo Seufer, a Debian Developer who died on December 26th, 2008 in a tragic car accident. As a valuable member of the Debian Project, he will be sorely missed.

And of course the official announcement on the Debian homepage is here.

It was about time this happened, and honestly, I’m going to personally write a letter of recommendation to everyone that wants to use Windows this way. The procedure is simple, I can offer free trainings on it, I will even come to your place, almost for free…

Below you have a basic example, but the situations in which you can take advantage of this are basically limitless…

Well, on the 25th of July some of us celebrated the 9th SysAdmin Day, but I forgot!

Thanks to Aghi, I remembered and with a slight delay, I made sure to add it to my calendar, so next year I won’t miss it.

On the front page of the website dedicated to this event it states what a sysadmin is, and why you should thank us:

If you can read this, thank your sysadmin

A sysadmin unpacked the server for this website from its box, installed an operating system, patched it for security, made sure the power and air conditioning was working in the server room, monitored it for stability, set up the software, and kept backups in case anything went wrong. All to serve this webpage.

A sysadmin installed the routers, laid the cables, configured the networks, set up the firewalls, and watched and guided the traffic for each hop of the network that runs over copper, fiber optic glass, and even the air itself to bring the Internet to your computer. All to make sure the webpage found its way from the server to your computer.

A sysadmin makes sure your network connection is safe, secure, open, and working. A sysadmin makes sure your computer is working in a healthy way on a healthy network. A sysadmin takes backups to guard against disaster both human and otherwise, holds the gates against security threats and crackers, and keeps the printers going no matter how many copies of the tax code someone from Accounting prints out.

A sysadmin worries about spam, viruses, spyware, but also power outages, fires and floods.

When the email server goes down at 2 AM on a Sunday, your sysadmin is paged, wakes up, and goes to work.

A sysadmin is a professional, who plans, worries, hacks, fixes, pushes, advocates, protects and creates good computer networks, to get you your data, to help you do work — to bring the potential of computing ever closer to reality.

Paul Vixie, the CEO of ISC (developers of BIND/named) and developer of cron, who writes every so often on his circleid.com account, made a short FAQ about the vulnerability:

Reactions have been mixed, but overall, negative. As the coordinator of the combined vendor response, I’ve heard plenty of complaints, and I’ve watched as Dan Kaminsky has been called an idiot for how he managed the disclosure. Let me try to respond a little here, without verging into taking any of this personally.

Q: “This is the same attack as <X> described way back in <Y>.”
A: No, it’s not.

Q: “You’re just fear-mongering, we already knew DNS was terribly insecure.”
A: Everything we thought we knew was wrong.

Q: “I think Dan’s new attack is <Z>.”
A: If you guess right, you can control the schedule, is that what you want?

Q: “I think Dan should have just come right out and described the attack.”
A: Do you mind if we patch the important parts of the infrastructure first?

Q: “Why wasn’t I brought into the loop?”
A: Management of trusted communications is hard. No offense was intended.

And you can check your ISP’s nameservers from this page: https://www.dns-oarc.net/oarc/services/dnsentropy

Look at the port randomization result of that test; you need to be above average to be safe. Beware that refreshing the test page will not show *new* results, even if you have made changes to your nameservers, so you need to go back to the link above and click on “Test my DNS” again.
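One way to quantify port randomization yourself from source ports seen on a resolver's outgoing queries, as an added example that is not part of the original post and not DNS-OARC's code. The function name, the rating cut-offs and the sample port lists are assumptions constructed for illustration.

```python
import math
import random
import statistics

TXID_BITS = 16      # the DNS transaction ID is a 16-bit field
POOR_BELOW = 300    # assumed cut-offs for this example only,
GREAT_FROM = 4000   # not the thresholds the DNS-OARC test uses


def assess_source_ports(ports):
    """Rate a sample of UDP source ports seen on a resolver's outgoing queries."""
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    stddev = statistics.pstdev(ports)
    # A uniform spread of width W has standard deviation W / sqrt(12), so the
    # spread implied by the sample is stddev * sqrt(12), capped at 16 bits.
    width = min(max(stddev * math.sqrt(12), 1.0), 65536.0)
    port_bits = math.log2(width)
    if stddev < POOR_BELOW:
        rating = "poor"
    elif stddev < GREAT_FROM:
        rating = "good"
    else:
        rating = "great"
    return {
        "distinct_ports": len(set(ports)),
        "stddev": round(stddev, 1),
        # Estimated bits a forged reply has to match: transaction ID plus port.
        "guess_bits": round(TXID_BITS + port_bits, 1),
        "rating": rating,
    }


# Constructed samples of 26 queries each (not captured from real resolvers).
rng = random.Random(2008)
SAMPLES = {
    "fixed port": [53] * 26,
    "sequential": list(range(1025, 1051)),
    "small pool": [rng.randrange(32768, 34816) for _ in range(26)],
    "full range": [rng.randrange(1024, 65536) for _ in range(26)],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        print(f"{name:11s} {assess_source_ports(ports)}")
```

Standard deviation measures spread only: a resolver that steps through a wide port range in a predictable order would still score well here, so treat a good rating as necessary rather than sufficient.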

Let’s think about a situation where you have a subdomain and you want it to be able to access files from the domain’s httpdocs directory. You cannot do that by default in Plesk, because of open_basedir. You can edit the httpd.include file in:

/var/www/vhosts/domain.com/conf/httpd.include

but that will only work until the next Plesk restart or major modification.

But, the httpd.include file that manages a domain and subdomain explicitly says:

# ATTENTION!
# DO NOT MODIFY THIS FILE OR ANY PART OF IT. THIS CAN RESULT IN IMPROPER PLESK
# FUNCTIONING OR FAILURE, CAUSE DAMAGE AND LOSS OF DATA. IF YOU REQUIRE CUSTOM
# MODIFICATIONS TO BE APPLIED TO THE CONFIGURATION, PLEASE, PERFORM THEM IN THE
# FOLLOWING FILE(S):
# /var/www/vhosts/domain.com/conf/vhost.conf
# /var/www/vhosts/domain.com/subdomains/subdomain-name/conf/vhost.conf

So, disabling open_basedir is *usually* as simple as editing the vhost.conf file (or creating it if it does not exist) and adding: